Kubernetes Secrets manage information in key-value format, with the value encoded. The value can be a password, an access key, or a token. With Secrets, users don't have to expose sensitive data in the configuration file. Secrets can reduce the risk of credential leaks and make our resource configurations more organized.
Currently, there are three types of Secrets:
- Generic/Opaque: https://en.wikipedia.org/wiki/Opaque_data_type
- Docker registry
- TLS
Generic/Opaque is the default type that we're using in our application. The Docker registry type is used to store the credentials of a private Docker registry. The TLS Secret is used to store the CA certificate bundle for cluster administration.
Kubernetes creates built-in Secrets for the credentials that are used to access the API server.
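The key-value encoding described above, as an added example that is not from the original text: it builds a Secret manifest for any of the three types and decodes it again, showing that the base64 encoding Kubernetes uses for the `data` field is reversible without a key. The function names `build_secret` and `decode_secret`, the Secret name, and the sample values are assumptions made for illustration.

```python
import base64
import json

# Secret kinds named above, mapped to the `type` field used by the Kubernetes API.
SECRET_TYPES = {
    "generic": "Opaque",
    "docker-registry": "kubernetes.io/dockerconfigjson",
    "tls": "kubernetes.io/tls",
}


def build_secret(name, values, kind="generic", namespace="default"):
    """Return a Secret manifest (dict) with every value base64-encoded."""
    if kind not in SECRET_TYPES:
        raise ValueError(f"unknown Secret kind: {kind!r}")
    data = {}
    for key, value in values.items():
        raw = value if isinstance(value, bytes) else value.encode("utf-8")
        data[key] = base64.b64encode(raw).decode("ascii")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": SECRET_TYPES[kind],
        "data": data,
    }


def decode_secret(manifest):
    """Recover the plaintext values from a Secret manifest's `data` field."""
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    return {
        key: base64.b64decode(value, validate=True)
        for key, value in manifest.get("data", {}).items()
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    secret = build_secret(
        "db-credentials", {"username": "app", "password": "example-password"}
    )
    print(json.dumps(secret, indent=2))  # JSON manifests work with `kubectl apply -f`
    # Decoding needs no key: the encoding alone does not protect the value.
    print(decode_secret(secret))
```

Because the values decode this easily, a Secret manifest needs the same handling as the plaintext credential it carries.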